Vulnerabilities > Totolink > X5000R Firmware > 9.1.0u.6369.b20230113

DATE CVE VULNERABILITY TITLE RISK
2024-02-17 CVE-2024-25468 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113
An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.
network
low complexity
totolink CWE-78
7.5
7.5
2023-05-31 CVE-2023-33485 Out-of-bounds Write vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102/9.1.0U.6369B20230113
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function.
network
low complexity
totolink CWE-787
8.8
8.8
2023-05-31 CVE-2023-33486 Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102/9.1.0U.6369B20230113
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-05-31 CVE-2023-33487 Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102/9.1.0U.6369B20230113
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter.
network
low complexity
totolink CWE-77
critical
 9.8
9.8
2023-05-05 CVE-2023-30013 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6118B20201102/9.1.0U.6369B20230113
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg.
network
low complexity
totolink CWE-78
critical
 9.8
9.8